Sophos appliance TCPDUMP
I would suggest enabling the TCPDUMP option log for a more detailed view of network traffic.
Aaron Mason commented
I just enable shell and run tcpdump from the command line. Also allows one to drill down as deep as needed:
# tcpdump -i reds0 ip dst 10.0.0.80 and not tcp port 3389
If you need details, use the -w option to output to a file, scp it to your machine and open it with Wireshark.
Would be nice to automate this, though. Put time/size limits on it, though; the pcap files can get very big very fast.
Very nice idea. Sometimes very helpful.
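One way to put the time and size limits mentioned above on a capture, as an added example that is not from the thread or from Sophos: a wrapper that writes a fixed-size ring of pcap files and stops after a set number of seconds. It assumes the appliance shell has coreutils `timeout`; the function names, limits and output path are hypothetical.

```shell
#!/bin/sh
# Bounded packet capture wrapper (added example; limits and paths are assumed).
# tcpdump flags used: -i interface, -n no name resolution, -w output file,
# -C rotate after N million bytes, -W keep at most N files (ring buffer).

# Succeeds only for a positive decimal integer without a leading zero.
is_uint() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
        *) return 0 ;;
    esac
}

# Worst-case disk use in MB for a ring of $2 files of $1 MB each.
max_disk_mb() {
    is_uint "$1" && is_uint "$2" || return 1
    echo $(( $1 * $2 ))
}

# Usage: bounded_capture IFACE SECONDS FILE_MB FILE_COUNT OUT_PREFIX [FILTER...]
bounded_capture() {
    [ "$#" -ge 5 ] || {
        echo "usage: bounded_capture IFACE SECONDS FILE_MB FILE_COUNT OUT_PREFIX [FILTER...]" >&2
        return 2
    }
    iface=$1 secs=$2 file_mb=$3 count=$4 prefix=$5
    shift 5                                  # what remains is the capture filter

    # Validate every limit before anything is started.
    is_uint "$secs" || { echo "bad time limit: $secs" >&2; return 2; }
    total=$(max_disk_mb "$file_mb" "$count") || { echo "bad size limits" >&2; return 2; }
    echo "capturing on $iface: at most ${secs}s and ${total} MB on disk" >&2

    # timeout sends SIGTERM after $secs; tcpdump closes the pcap file on exit.
    timeout "$secs" tcpdump -i "$iface" -n -w "$prefix" \
        -C "$file_mb" -W "$count" "$@"
    rc=$?
    if [ "$rc" -eq 124 ]; then rc=0; fi      # 124 = stopped by the time limit
    return "$rc"
}

# Example call (constructed values), using the filter from the comment above:
#   bounded_capture reds0 300 10 5 /tmp/red.pcap ip dst 10.0.0.80 and not tcp port 3389
# The resulting files can then be copied off with scp and opened in Wireshark.
```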